Remarks 

Claims 1-23 are pending. 

Oath/Declaration 

1. Applicant has not given a post office address anywhere in the application papers 
as required by 37 CFR 1.33(a), which was in effect at the time of filing of the oath or 
declaration. A statement over applicant's signature providing a complete post office 
address is required. 

Drawings 

2. The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) 
because they include the following reference character(s) not mentioned in the 
description: 

- Figure 4: reference number 108. 

- Figure 5: reference number 112. 

- Figure 6: reference number 122. 

- Figure 8: reference number 136. 

Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to 
the specification to add the reference character(s) in the description in compliance with 
37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the 
application. Any amended replacement drawing sheet should include all of the figures 
appearing on the immediate prior version of the sheet, even if only one figure is being 
amended. Each drawing sheet submitted after the filing date of an application must be 
labeled in the top margin as either "Replacement Sheet" or "New Sheet" pursuant to 37 
CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be 
notified and informed of any required corrective action in the next Office action. The 
objection to the drawings will not be held in abeyance. 



Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

3. Claims 1-23 are rejected under 35 U.S.C. 112, second paragraph, as they are 
replete with errors including use of language that makes the claim scope and meaning 
unclear, inconsistencies within the claims, and antecedent basis problems that stem 
from incorrect dependencies, misspellings, etc. For the examples, the examiner is 
using the line numbers read on the left hand side of the claim pages. 

Examples are as follows: 

- Claim 1, lines 26-27 read "in response to the packet, authenticating the user 
at the head end server". For purposes of prior art rejection, it has been 
construed as "in response to receiving the packet, authenticating the user at 
the head end server". 

- Claim 1, lines 28-29 read "providing the packet to the user privilege proxy". 
There is insufficient antecedent basis for this limitation in the claim. For 
purposes of prior art rejection, it has been construed as "providing the packet 
to the user privilege server proxy". 

- Claim 2, lines 2-3 read "negotiating the authentication scheme". There is 
insufficient antecedent basis for this limitation in the claims. For purposes of 
prior art rejection, it has been construed as "negotiating an authentication 
scheme". 

- Claim 3, lines 1-2 read "A method as recited in claim 1 wherein negotiating an 
authentication scheme". It is clear that this should be dependent upon claim 
2, where the step of negotiating an authentication scheme is first claimed. 

- Claim 4 reads "A method as recited in claim 1 wherein the step of validating 
comprises validating in accordance with the authentication scheme." In claim 
1, there are multiple recitations of validating, so it is unclear as to which one 
applicant intends for claim 4 to refer to. For purposes of prior art rejection, it 
has been assumed that this refers to the validation at lines 12-13 of claim 1. 
Also, there is insufficient antecedent basis for "the authentication scheme" in 
the claims. For purposes of prior art rejection, claim 4 has been construed as 
being dependent upon claim 2. 

- Claim 8, lines 14-15 read "presenting the user information to a head end 
server". In the preamble, there is a head end server already claimed, and 
when viewed in conjunction with the other claims, it has been construed that 
both of these head end servers are, indeed, the same, as can be written 
"presenting the user information to the head end server". 

- Claim 11, lines 2-3 read "generating a ticket by encrypting the user". It is 
unclear as to what is meant by this statement, and has been construed as 
"generating a ticket by encryption". 

These are only examples, as there are many more errors in the claims, all of 
which must be corrected. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-23 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Grantges (U.S. Patent 6,324,648) in view of Wood (U.S. Patent 6,609,198). 

Regarding Claim 8, 

Grantges discloses a method of authenticating a user having a user 
privilege server proxy (client computer/browser) for a network system 
having a privilege server (authorization server/certificate authority), a head 
end server (proxy server) and a web adapter (application gateway) 
comprising: 

Negotiating an authentication scheme between the user privilege 
server proxy and privilege server (Column 4, lines 33-65); 

Presenting user information to the web adapter (Column 12, line 57 
to Column 13, line 17); 

Presenting the user information to the head end server (Column 12, 
line 57 to Column 13, line 17); 

Presenting the user information to the privilege server from the 
head end server (Column 12, line 57 to Column 13, line 17); 

Validating the user at the privilege server in response to receiving 
the user information in accordance with the authentication scheme 
(Column 13, lines 8-41); 

When the user is validated, generating a ticket for the user at the 
privilege server (Column 13, lines 8-41); 

Encrypting the ticket with a user password to form an encrypted 
ticket (Column 7, line 63 to Column 8, line 14); 

Providing the encrypted ticket to the user privilege server proxy 
through the head end server (Column 13, lines 18-41); 

Decrypting the encrypted ticket (Column 7, line 63 to Column 8, line 
14; and Column 13, lines 18-41); 

Forming a service access request token from the ticket and user 
identification at the user privilege server proxy (Column 8, lines 16-28); 

Sending the token from the user privilege server proxy to the 
privilege server (Column 8, line 29 to Column 9, line 18); 

Validating the user in response to receiving the token (Column 9, 
lines 6-18); 

Providing the packet to the head end server (Column 9, lines 6-18); 

In response to receiving the packet, authenticating the user at the 
head end server (Column 9, lines 6-18; and Column 10, lines 6-25); 

Providing the packet to the user privilege server proxy (Column 10, 
lines 6-25); 

Sending the ticket and sequence number encrypted with the 
session key to a service server through the web adapter (Column 8, lines 
40-51; and Column 11, line 63 to Column 12, line 10); 

Validating the user at the service server (Column 11, lines 13-30); 

Granting the user role based privileges at the service server 
(Column 11, line 63 to Column 12, line 10). 

Grantges does not disclose forming a packet having a sequence 
number and session key encrypted with the ticket at the privilege server or 
decrypting this packet. 

Wood, however, discloses validating the user in response to 
receiving the token (Column 12, line 52 to Column 13, line 10); forming a 
packet having a sequence number and session key encrypted with the 
ticket at the privilege server (Column 12, line 52 to Column 13, line 10); 
and decrypting the packet (Column 13, lines 27-44). 

It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the credential level change 
system of Wood into the secure gateway of Grantges in order to allow 
credentials to be upgraded and downgraded as needed within the same 
session, so that a high security, overcredentialled log-on state is not 
required and need not be maintained (Column 2, lines 47-67). 

Regarding Claim 1, 

Claim 1 is a method claim that is broader than method claim 8 and 
is rejected for the same reasons. 

Regarding Claim 2, 

Claim 2 is a method claim that is broader than method claim 8 and 
is rejected for the same reasons. 

Regarding Claim 4, 

Claim 4 is a method claim that is broader than method claim 8 and 
is rejected for the same reasons. 

Regarding Claim 5, 

Claim 5 is a method claim that is broader than method claim 8 and 
is rejected for the same reasons. 

Regarding Claim 6, 

Claim 6 is a method claim that is broader than method claim 8 and 
is rejected for the same reasons. 

Regarding Claim 7, 

Claim 7 is a method claim that is broader than method claim 8 and 
is rejected for the same reasons. 

Regarding Claim 13, 

Claim 13 is a system claim that is broader than method claim 8 and 
is rejected for the same reasons. 

Regarding Claim 14, 

Claim 14 is a system claim that is broader than method claim 8 and 
is rejected for the same reasons. 

Regarding Claim 22, 

Claim 22 is a system claim that is broader than method claim 8 and 
is rejected for the same reasons. 

Regarding Claim 23, 

Claim 23 is a method claim that is broader than method claim 8 and 
is rejected for the same reasons. 

Regarding Claim 9, 

Grantges discloses that negotiating an authentication scheme 
between the user privilege server proxy and privilege server comprises 
presenting at least one security mechanism from the user privilege server 
proxy to the privilege server; and accepting or rejecting the at least one 
security mechanism at the privilege server (Column 4, lines 33-65). 

Regarding Claim 3, 

Claim 3 is a method claim that is broader than method claim 9 and 
is rejected for the same reasons. 

Regarding Claim 10, 

Grantges discloses that the step of validating at the privilege server 
is performed by a policy engine within the privilege server (Column 7, lines 
29-44). 

Regarding Claim 11, 

Grantges discloses that generating a ticket comprises generating a 
ticket by encryption (Column 7, line 63 to Column 8, line 14). 

Regarding Claim 12, 

Claim 12 is a method claim that is broader than method claim 8, 
except for the steps of including a session name and choosing a service in 
the service server. Grantges discloses including a session name (Column 
10, lines 32-53) and choosing a service in the service server (Column 9, 
lines 19-34). 

Regarding Claim 15, 

Grantges discloses that the user information comprises a user 
identification number (Column 14, lines 43-65). 

Regarding Claim 16, 

Grantges discloses that the privilege server has a policy engine 
therein (Column 7, lines 29-44). 

Regarding Claim 17, 

Grantges discloses that the privilege server comprises a key 
generator coupled to the policy engine (Column 12, line 52 to Column 13, 
line 10; and Column 15, lines 1-25). 

Regarding Claim 18, 

Grantges discloses that the privilege server comprises a proxy 
coordinator coupled to the policy engine (Column 9, lines 6-18). 

Regarding Claim 19, 

Grantges discloses that the privilege server comprises an 
obfuscator/deobfuscator coupled to the policy engine (Column 7, line 63 to 
Column 8, line 14). 

Regarding Claim 20, 

Grantges discloses that the privilege server comprises a store 
keeper coupled to the policy engine (Column 7, lines 29-44). 

Regarding Claim 21, 

Grantges discloses that the store keeper comprises a user 
information list (Column 7, lines 29-44). 

Wood discloses that the store keeper comprises a user information 
list and a session information list (Column 12, line 52 to Column 13, line 
10). 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jeffrey D. Popham whose telephone number is 
(571)-272-7215. The examiner can normally be reached on M-F 9:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise, can be reached on (571)272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 
703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 